[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v3 02/25] chardev: Assert IOCanReadHandler can not be negative

To: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>, Paolo Bonzini <pbonzini@xxxxxxxxxx>
From: Philippe Mathieu-Daudé <philmd@xxxxxxxxxx>
Date: Fri, 22 Feb 2019 01:39:04 +0100
Cc: Li Zhijian <lizhijian@xxxxxxxxxxxxxx>, "Michael S. Tsirkin" <mst@xxxxxxxxxx>, Jason Wang <jasowang@xxxxxxxxxx>, qemu-devel <qemu-devel@xxxxxxxxxx>, Gerd Hoffmann <kraxel@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Samuel Thibault <samuel.thibault@xxxxxxxxxxxx>, Halil Pasic <pasic@xxxxxxxxxxxxx>, Christian Borntraeger <borntraeger@xxxxxxxxxx>, Anthony Perard <anthony.perard@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx, Corey Minyard <minyard@xxxxxxx>, Amit Shah <amit@xxxxxxxxxx>, qemu-s390x@xxxxxxxxxx, Paul Durrant <paul.durrant@xxxxxxxxxx>, Pavel Dovgalyuk <pavel.dovgaluk@xxxxxxxxx>, Zhang Chen <zhangckid@xxxxxxxxx>, David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>, Prasad J Pandit <pjp@xxxxxxxxxxxxxxxxx>, Cornelia Huck <cohuck@xxxxxxxxxx>, qemu-ppc@xxxxxxxxxx, Stefan Berger <stefanb@xxxxxxxxxxxxx>
Delivery-date: Fri, 22 Feb 2019 00:40:34 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
Openpgp: id=89C1E78F601EE86C867495CBA2A3FD6EDEADC0DE; url=http://pgp.mit.edu/pks/lookup?op=get&search=0xA2A3FD6EDEADC0DE

On 2/20/19 12:13 PM, Philippe Mathieu-Daudé wrote:
> On 2/20/19 11:03 AM, Marc-André Lureau wrote:
>> Hi
>>
>> On Wed, Feb 20, 2019 at 2:03 AM Philippe Mathieu-Daudé
>> <philmd@xxxxxxxxxx> wrote:
>>>
>>> The backend should not return a negative length to read.
>>> We will later change the prototype of IOCanReadHandler to return an
>>> unsigned length. Meanwhile make sure the return length is positive.
>>>
>>> Suggested-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
>>> Signed-off-by: Philippe Mathieu-Daudé <philmd@xxxxxxxxxx>
>>
>> In such patch, you should do extensive review of existing callbacks,
>> or find a convincing argument that this can't break.
> 
> Argh I missed that.
> 
>> The problem is there are a lot of can_read callbacks, and it's not
>> trivial. The *first* of git-grep is rng_egd_chr_can_read()
>>
>>  57     QSIMPLEQ_FOREACH(req, &s->parent.requests, next) {
>>  58         size += req->size - req->offset;
>>  59     }
>>  60
>>  61     return size;
>>
>> Clearly not obvious if it returns >= 0.
>>
>> Another approach is to look at the caller and the return value
>> handling. If none handle negative values (or would have wrong
>> behaviour with negative values), the assert() is perhaps justified, as
>> it could prevent from doing more harm.
> 
> I'll go and audit all of them.

Actually I already did the work, but it is in the part #2 after this
series, as suggested by Paolo:

https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02294.html

I'll simply cherry-pick the commit from series #2 before this patch.

Thanks,

Phil.

>>> ---
>>>  chardev/char.c | 5 ++++-
>>>  1 file changed, 4 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/chardev/char.c b/chardev/char.c
>>> index f6d61fa5f8..71ecd32b25 100644
>>> --- a/chardev/char.c
>>> +++ b/chardev/char.c
>>> @@ -159,12 +159,15 @@ int qemu_chr_write(Chardev *s, const uint8_t *buf, 
>>> int len, bool write_all)
>>>  int qemu_chr_be_can_write(Chardev *s)
>>>  {
>>>      CharBackend *be = s->be;
>>> +    int receivable_bytes;
>>>
>>>      if (!be || !be->chr_can_read) {
>>>          return 0;
>>>      }
>>>
>>> -    return be->chr_can_read(be->opaque);
>>> +    receivable_bytes = be->chr_can_read(be->opaque);
>>> +    assert(receivable_bytes >= 0);
>>> +    return receivable_bytes;
>>>  }
>>>
>>>  void qemu_chr_be_write_impl(Chardev *s, uint8_t *buf, int len)
>>> --
>>> 2.20.1
>>>

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

References:
- [Xen-devel] [PATCH v3 00/25] chardev: Convert qemu_chr_write() to take a size_t argument
  - From: Philippe Mathieu-Daudé
- [Xen-devel] [PATCH v3 02/25] chardev: Assert IOCanReadHandler can not be negative
  - From: Philippe Mathieu-Daudé
- Re: [Xen-devel] [PATCH v3 02/25] chardev: Assert IOCanReadHandler can not be negative
  - From: Marc-André Lureau
- Re: [Xen-devel] [PATCH v3 02/25] chardev: Assert IOCanReadHandler can not be negative
  - From: Philippe Mathieu-Daudé

Prev by Date: Re: [Xen-devel] [RESEND PATCH 3/7] mm/gup: Change GUP fast to use flags rather than a write 'bool'
Next by Date: [Xen-devel] [linux-4.14 test] 133351: trouble: blocked/broken/pass
Previous by thread: Re: [Xen-devel] [PATCH v3 02/25] chardev: Assert IOCanReadHandler can not be negative
Next by thread: [Xen-devel] [PATCH v3 03/25] chardev/wctablet: Use unsigned type to hold unsigned value
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.